Crime Toolkits: The Current Threats to Web Applications

Abstract Increasingly, web applications are being developed over the Internet. Securing these web applications is becoming important as they hold critical security features. However, cybercriminals are becoming smarter by developing a crime toolkit, and employing sophisticated techniques to evade detection. These crime toolkits can be used by any person to target Internet users. In this paper, we explore the techniques used in crime toolkits. We present a current state-of-the-art analysis of crime toolkits and focus on attacks against web applications. The crime toolkit techniques are compared with the vulnerability of web applications to help reveal particular behavior such as popular web application vulnerabilities that malicious writers prefer. In addition, we outline the existing protection mechanism, and observe that the possibility for damage is rising, particularly as specialization and scale increase in cybercrime.

[1]  Christopher Krügel,et al.  Your botnet is my botnet: analysis of a botnet takeover , 2009, CCS.

[2]  Veelasha Moonsamy,et al.  Analysis of malicious and benign android applications , 2012, 2012 32nd International Conference on Distributed Computing Systems Workshops.

[3]  Jemal H. Abawajy,et al.  Web application protection against SQL injection attack , 2011, ICIT 2011.

[4]  Tracey Caldwell Ethical hackers: putting on the white hat , 2011, Netw. Secur..

[5]  Mamoun Alazab,et al.  Towards Understanding Malware Behaviour by the Extraction of API Calls , 2010, 2010 Second Cybercrime and Trustworthy Computing Workshop.

[6]  Mauro Coccoli,et al.  Social Network Engineering for Secure Web Data and Services , 2013 .

[7]  Jemal H. Abawajy,et al.  Using feature selection for intrusion detection system , 2012, 2012 International Symposium on Communications and Information Technologies (ISCIT).

[8]  Christopher Krügel,et al.  Detection and analysis of drive-by-download attacks and malicious JavaScript code , 2010, WWW '10.